We’re seeking an experienced and automation-driven IT Security Engineer to lead endpoint security, patching, and compliance across a globally distributed fleet of macOS, Windows, and mobile devices. In this hands-on role, you’ll architect and maintain secure-by-default baselines using modern MDM tooling (Intune, Kandji), enforce identity-first access via Entra ID, and drive proactive detection and remediation using scripting, telemetry, and Microsoft’s security stack.

Responsibilities

• Administer and secure endpoints (macOS, Windows, mobile) via Intune, Kandji; enable zero-touch enrollment (Autopilot/ADE).
• Serve as an escalation for endpoint issues impacting security, patching, and configuration.
• Implement identity workflows (SSO, SCIM, RBAC, group lifecycle, access reviews) in Microsoft Entra ID.
• Lead automated patch management for OS and third-party apps; define rings, deferrals, SLAs, and rollout/rollback playbooks.
• Author automation in PowerShell (Windows) and Bash/Zsh (macOS) for remediation, compliance, and telemetry.
• Integrate with the Microsoft security stack (Defender for Endpoint, Microsoft 365 Defender, Purview); tune policies, respond to alerts, and improve posture.
• Co-define baselines with Security (CIS/NIST hardening, device compliance) and enforce via MDM.
• Monitor device health in Endpoint Manager; investigate anomalies and drive root cause.
• Support secure networking controls (firewall/proxy) as needed for endpoint updates and access.
• Document policies, scripts, runbooks, and patch procedures; keep them current.

• Experience with compliance automation (CIS Benchmarks, custom compliance policies).
• Exposure to modern auth/device trust (Entra ID, device-based Conditional Access).
• Familiarity with EDR platforms (e.g., Defender).
• Experience supporting a globally distributed user/device base.
• Python for light tooling; Git-based workflows for scripts/profiles.